High severityNVD Advisory· Published Apr 23, 2014· Updated May 6, 2026
CVE-2014-2888
CVE-2014-2888
Description
lib/sfpagent/bsig.rb in the sfpagent gem before 0.4.15 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the module name in a JSON request.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
sfpagentRubyGems | < 0.4.15 | 0.4.15 |
Affected products
54cpe:2.3:a:herry:sfpagent:0.0.1:*:*:*:*:ruby:*:*+ 52 more
- cpe:2.3:a:herry:sfpagent:0.0.1:*:*:*:*:ruby:*:*
- cpe:2.3:a:herry:sfpagent:0.1.0:*:*:*:*:ruby:*:*
- cpe:2.3:a:herry:sfpagent:0.1.10:*:*:*:*:ruby:*:*
- cpe:2.3:a:herry:sfpagent:0.1.11:*:*:*:*:ruby:*:*
- cpe:2.3:a:herry:sfpagent:0.1.12:*:*:*:*:ruby:*:*
- cpe:2.3:a:herry:sfpagent:0.1.13:*:*:*:*:ruby:*:*
- cpe:2.3:a:herry:sfpagent:0.1.14:*:*:*:*:ruby:*:*
- cpe:2.3:a:herry:sfpagent:0.1.1:*:*:*:*:ruby:*:*
- cpe:2.3:a:herry:sfpagent:0.1.2:*:*:*:*:ruby:*:*
- cpe:2.3:a:herry:sfpagent:0.1.3:*:*:*:*:ruby:*:*
- cpe:2.3:a:herry:sfpagent:0.1.4:*:*:*:*:ruby:*:*
- cpe:2.3:a:herry:sfpagent:0.1.5:*:*:*:*:ruby:*:*
- cpe:2.3:a:herry:sfpagent:0.1.6:*:*:*:*:ruby:*:*
- cpe:2.3:a:herry:sfpagent:0.1.7:*:*:*:*:ruby:*:*
- cpe:2.3:a:herry:sfpagent:0.1.8:*:*:*:*:ruby:*:*
- cpe:2.3:a:herry:sfpagent:0.1.9:*:*:*:*:ruby:*:*
- cpe:2.3:a:herry:sfpagent:0.2.0:*:*:*:*:ruby:*:*
- cpe:2.3:a:herry:sfpagent:0.2.10:*:*:*:*:ruby:*:*
- cpe:2.3:a:herry:sfpagent:0.2.1:*:*:*:*:ruby:*:*
- cpe:2.3:a:herry:sfpagent:0.2.2:*:*:*:*:ruby:*:*
- cpe:2.3:a:herry:sfpagent:0.2.3:*:*:*:*:ruby:*:*
- cpe:2.3:a:herry:sfpagent:0.2.4:*:*:*:*:ruby:*:*
- cpe:2.3:a:herry:sfpagent:0.2.5:*:*:*:*:ruby:*:*
- cpe:2.3:a:herry:sfpagent:0.2.6:*:*:*:*:ruby:*:*
- cpe:2.3:a:herry:sfpagent:0.2.7:*:*:*:*:ruby:*:*
- cpe:2.3:a:herry:sfpagent:0.2.8:*:*:*:*:ruby:*:*
- cpe:2.3:a:herry:sfpagent:0.2.9:*:*:*:*:ruby:*:*
- cpe:2.3:a:herry:sfpagent:0.3.0:*:*:*:*:ruby:*:*
- cpe:2.3:a:herry:sfpagent:0.3.10:*:*:*:*:ruby:*:*
- cpe:2.3:a:herry:sfpagent:0.3.1:*:*:*:*:ruby:*:*
- cpe:2.3:a:herry:sfpagent:0.3.2:*:*:*:*:ruby:*:*
- cpe:2.3:a:herry:sfpagent:0.3.3:*:*:*:*:ruby:*:*
- cpe:2.3:a:herry:sfpagent:0.3.4:*:*:*:*:ruby:*:*
- cpe:2.3:a:herry:sfpagent:0.3.5:*:*:*:*:ruby:*:*
- cpe:2.3:a:herry:sfpagent:0.3.6:*:*:*:*:ruby:*:*
- cpe:2.3:a:herry:sfpagent:0.3.7:*:*:*:*:ruby:*:*
- cpe:2.3:a:herry:sfpagent:0.3.8:*:*:*:*:ruby:*:*
- cpe:2.3:a:herry:sfpagent:0.3.9:*:*:*:*:ruby:*:*
- cpe:2.3:a:herry:sfpagent:0.4.0:*:*:*:*:ruby:*:*
- cpe:2.3:a:herry:sfpagent:0.4.10:*:*:*:*:ruby:*:*
- cpe:2.3:a:herry:sfpagent:0.4.11:*:*:*:*:ruby:*:*
- cpe:2.3:a:herry:sfpagent:0.4.12:*:*:*:*:ruby:*:*
- cpe:2.3:a:herry:sfpagent:0.4.13:*:*:*:*:ruby:*:*
- cpe:2.3:a:herry:sfpagent:0.4.1:*:*:*:*:ruby:*:*
- cpe:2.3:a:herry:sfpagent:0.4.2:*:*:*:*:ruby:*:*
- cpe:2.3:a:herry:sfpagent:0.4.3:*:*:*:*:ruby:*:*
- cpe:2.3:a:herry:sfpagent:0.4.4:*:*:*:*:ruby:*:*
- cpe:2.3:a:herry:sfpagent:0.4.5:*:*:*:*:ruby:*:*
- cpe:2.3:a:herry:sfpagent:0.4.6:*:*:*:*:ruby:*:*
- cpe:2.3:a:herry:sfpagent:0.4.7:*:*:*:*:ruby:*:*
- cpe:2.3:a:herry:sfpagent:0.4.8:*:*:*:*:ruby:*:*
- cpe:2.3:a:herry:sfpagent:0.4.9:*:*:*:*:ruby:*:*
- cpe:2.3:a:herry:sfpagent:*:*:*:*:*:ruby:*:*range: <=0.4.14
Patches
Vulnerability mechanics
References
8- www.openwall.com/lists/oss-security/2014/04/18/4nvdExploitWEB
- www.vapid.dhs.org/advisories/spfagent-remotecmd.htmlnvdExploit
- github.com/advisories/GHSA-vm28-mrm7-fpjqghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2014-2888ghsaADVISORY
- seclists.org/fulldisclosure/2014/Apr/243nvdWEB
- www.openwall.com/lists/oss-security/2014/04/16/1nvdWEB
- github.com/rubysec/ruby-advisory-db/blob/master/gems/sfpagent/CVE-2014-2888.ymlghsaWEB
- web.archive.org/web/20201029141944/http://www.vapid.dhs.org/advisories/spfagent-remotecmd.htmlghsaWEB
News mentions
0No linked articles in our index yet.